1 (edited by RobertS 2011-09-13 14:14:18)

Topic: Sender throttling with Policyd on Debian Squeeze

The standard IRedMail instructions for throttling contain errors (for Debian Squeeze) and are very unclear in places (to me at least). Here's how I got it working. I'm posting this as a way of giving back and I hope it helps others. Be warned that until you do the following, there is NO throttling. If a spammer gets hold of an account, they can, and will, blast away until your mail server is on every blacklist in existence. iRedMail version is 0.7.3.

  • There are two files in /etc you need to be concerned with: postfix-policyd.conf and postfix-policyd_throttle.conf. The instructions wrongly refer to a postfix-policyd_sender_throttle.conf which doesn't exist. You could rename postfix-policyd_throttle.conf if you really want, but I'll assume you don't.

  • Now edit postfix-policyd.conf (in /etc), and be sure the following are set as indicated. Most should already be set, but just in case. Warning: This is NOT the complete file!

SENDERTHROTTLE=0
SENDER_THROTTLE_SASL=0
SENDER_THROTTLE_HOST=0
RECIPIENTTHROTTLE=1
  • Now edit postfix-policyd_throttle.conf (in /etc), and be sure the following are set as indicated. Most should already be set, but just in case they aren't, I've listed them. You are turning off almost everything because the other policyd config file will handle that. Warning: This is NOT the complete file!

SENDERTHROTTLE=1
SENDER_THROTTLE_SASL=1
SENDER_THROTTLE_HOST=0
RECIPIENTTHROTTLE=0
WHITELISTING=0 #If 1, throttling won't work!
BLACKLISTING=0
BLACKLIST_HELO=0
BLACKLISTSENDER=0
HELO_CHECK=0
SPAMTRAPPING=0
GREYLISTING=0
  • Create the file below as /etc/init.d/postfix-policyd_throttle. This is the complete file.

#! /bin/sh
### BEGIN INIT INFO
# Provides:          postfix-policyd_throttle
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postfix-policyd
CONFIG=/etc/postfix-policyd_throttle.conf
PIDFILE='/var/run/policyd_throttle.pid'
NAME=postfix-policyd_throttle
DESC="Postfix throttling policy daemon"

test -x $DAEMON || exit 0

# Include policyd defaults if available
#if [ -f /etc/default/postfix-policyd ] ; then
#       . /etc/default/postfix-policyd
#fi

set -e

PIDFILE=`grep "PIDFILE" $CONFIG | awk -F "=" '{print $2}' | awk '{print $1}'`

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  reload|force-reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
        echo "$NAME."
        ;;
  restart)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --background --pidfile $PIDFILE --exec $DAEMON -- -c $CONFIG
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0
  • Now set up and restart your policyd daemons by running the following commands:

update-rc.d postfix-policyd_sender_throttle defaults
/etc/init.d/postfix-policyd_sender_throttle restart
/etc/init.d/postfix-policyd restart
  • Now run the following command to see if everything is working right. You should get two lines of output, with the important parts shown below:

netstat -ntlp | grep -i 1003
tcp        0      0 127.0.0.1:10031         0.0.0.0:*
tcp        0      0 127.0.0.1:10032         0.0.0.0:*
  • Next, make one edit in /etc/postfix/main.cf. The following line should already be there, but commented out. Uncomment it. If it's not there, add it.

smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10032
  • Finally, force postfix to re-read your new configuration.

postfix reload
  • If it works, you'll find lines similar to the following in /var/log/mail.log.

postfix-policyd: rcpt=81, throttle=update(a), host=127.0.0.1,
from=robert@example.com, to=someone@spamtrap.net, size=1749/10240000,
quota=30611/250000000, count=9/50(9), rcpt=9/3600(9), threshold=0%|16%|0%
Setting individual quotas
  • If you want to set an individual quota, you'll need to use some sql. IRedMail does come with phpmyadmin, which makes this much easier. This needs to entered in the postfixpolicyd database. A sample sql statement to set robert@example.com to 50 emails per hour would be:

INSERT INTO throttle (_from,_count_max,_quota_max,_time_limit,_mail_size,_date,_priority)
 VALUES ('robert@example.com',  # from address                             
          50,                # maximum messages per time unit
          250000000,         # size in bytes (250 megs) (maximum is 2gig)
          3600,             # time unit in seconds (1 day)
          10240000,          # maximum message size (10 meg)
          UNIX_TIMESTAMP(),  # current time
          10);               # priority of record

Based on some tests I ran, it seems the count is incremented by the number of recipients plus 1, at least for messages sent through roundcube. So if you compose a message to 3 people, your message count goes up by 4, not 3. If you compose to 1 person, your message count goes up by 2.

Also, the time unit should really be read as in the last X seconds (I think; I'm not certain what time unit it uses for expiring old counts). For example, if my limit is 50 per hour (as above), and I send 10 messages at 1:00 PM, then 15 more at 1:10 PM (total count 25), at 2:01 PM, I can send 35 more (25 unsent, plus the first 10 have now expired).

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Sender throttling with Policyd on Debian Squeeze

Thanks for your contribution, i fixed wiki tutorial by comparing with yours. It should be correct now.
http://iredmail.org/wiki/index.php?titl … ian.Ubuntu

P.S. In your post, item 2, "Now edit postfix-policyd_throttle.conf (in /etc)", it should be postfix-policyd.conf, isn't it?

3 (edited by RobertS 2011-09-13 14:24:03)

Re: Sender throttling with Policyd on Debian Squeeze

ZhangHuangbin wrote:

Thanks for your contribution, i fixed wiki tutorial by comparing with yours. It should be correct now.
http://iredmail.org/wiki/index.php?titl … ian.Ubuntu

P.S. In your post, item 2, "Now edit postfix-policyd_throttle.conf (in /etc)", it should be postfix-policyd.conf, isn't it?

Yes. I copied the wrong point. I fixed it above.

I looked at the updates you made to the FAQ and mostly it is good, but you should explicitly state, as I do above, that the settings for /etc/postfix-policyd_throttle.conf and /etc/postfix-policyd.conf are NOT the complete file. That's one of the hurdles I had to overcome. because it does say "File" on the line above it, which led me to believe it was the complete file.

4

Re: Sender throttling with Policyd on Debian Squeeze

RobertS wrote:

but you should explicitly state, as I do above, that the settings for /etc/postfix-policyd_throttle.conf and /etc/postfix-policyd.conf are NOT the complete file.

Fixed. smile
http://iredmail.org/wiki/index.php?titl … ian.Ubuntu